Correct!
ANSWER: B.
In addition to factors A, C, and D, relevant penalty considerations
include whether there was a serious contravention by the
data controller and whether the contravention is of a kind
likely to cause substantial damage or substantial distress.
Under
United Kingdom data privacy law as recently amended, a penalty
of up to £500,000 ($1,000,000) may be imposed per occurrence
against a company for a data breach. Which one of the following
is not a factor that is considered in determining
severity of the penalty?
A.
Whether the contravention was deliberate;
B.
Whether the data controller previously registered with applicable
EU Privacy Authority;
C.
Whether the data controller knew or ought to have known
that there was a risk that the contravention would occur
and of a kind likely to cause substantial damage or substantial
distress;
D.
Whether the data controller took reasonable steps to prevent
the contravention.
|